vidar | cf938e34ed6e6b83ddd18fcaa7d16681e668a2b95ee1b05b79473b22851bab74 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

AppSetup-UpdateLauncher.rar
Size

25.8MB
Sample

230530-rygspsad8w
MD5

3fbeaa6ec0da35943973cbd3c65450cd
SHA1

a4f3693570d88c38e0348eec2edc489f20b174aa
SHA256

cf938e34ed6e6b83ddd18fcaa7d16681e668a2b95ee1b05b79473b22851bab74
SHA512

09a3bba92fbf82d7a8a16a608603061e2e3f08f2f78a62d337d3361afaa695822d68f35da0397d701f99ac99b5b4007b633301d0dd02f4c0b0bc9dc031c33757
SSDEEP

786432:jqYaBYzLEai44nkA6+li/NGgvF2ezkH5W:jiBS/i4jAli/bvF2ezUW

Score

10^/10

vidar f621ec5c7376f99fa543651811a4febe spyware stealer

Malware Config

Extracted

Family

vidar

Version

4

Botnet

f621ec5c7376f99fa543651811a4febe

C2

https://steamcommunity.com/profiles/76561199508624021

https://t.me/looking_glassbot

Attributes

profile_id_v2
f621ec5c7376f99fa543651811a4febe
user_agent
Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36

Targets

- Target
  
  AppSetup-UpdateLauncher.rar
- Size
  
  25.8MB
- MD5
  
  3fbeaa6ec0da35943973cbd3c65450cd
- SHA1
  
  a4f3693570d88c38e0348eec2edc489f20b174aa
- SHA256
  
  cf938e34ed6e6b83ddd18fcaa7d16681e668a2b95ee1b05b79473b22851bab74
- SHA512
  
  09a3bba92fbf82d7a8a16a608603061e2e3f08f2f78a62d337d3361afaa695822d68f35da0397d701f99ac99b5b4007b633301d0dd02f4c0b0bc9dc031c33757
- SSDEEP
  
  786432:jqYaBYzLEai44nkA6+li/NGgvF2ezkH5W:jiBS/i4jAli/bvF2ezUW
Score

10^/10

vidar f621ec5c7376f99fa543651811a4febe spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Executes dropped EXE
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

vidarf621ec5c7376f99fa543651811a4febespywarestealer